Verification of Pointer Programs Based on Forest Automata
This thesis develops an existing method for shape analysis of programs based on forest automata and improves its implementation, the Forester tool. Forest automata are based on tree automata, of which Forester contains only a simple implementation. The first contribution of this work is replacing that implementation with the VATA library, which provides efficient algorithms for representing and manipulating tree automata. The version of Forester using the VATA library took part in the international SV-COMP 2015 competition. Further, the verification based on forest automata is extended with predicate abstraction and an analysis of the counterexamples found. The result of this analysis can be used in two ways: first, to determine whether a found error is real or spurious; second, to refine the predicate abstraction using predicates derived during the backward run. Both techniques were also implemented in Forester. Finally, the improvement these techniques bring over the original version of Forester is evaluated.

In this work, we focus on improving the forest automata based shape analysis implemented in the Forester tool. This approach represents shapes of the heap using forest automata. Forest automata are based on tree automata, and Forester currently has only a simple implementation of tree automata. Our first contribution is replacing this implementation with the general-purpose tree automata library VATA, which contains highly optimized implementations of automata operations. The version of Forester using the VATA library participated in the competition SV-COMP 2015. We further extended the forest automata based verification method with two new techniques - a counterexample analysis and predicate abstraction. The first one allows us to determine whether a found error is a real or a spurious one. The results of the counterexample analysis are also used for creating new predicates, which are used for the refinement of the predicate abstraction. We show that both of these techniques contribute to an improvement over the earlier approach.
Template-based verification of heap-manipulating programs
We propose a shape analysis suitable for analysis engines that perform automatic invariant inference using an SMT solver. The proposed solution includes an abstract template domain that encodes the shape of a program heap based on logical formulae over bit-vectors. It is based on a points-to relation between pointers and symbolic addresses of abstract memory objects. Our abstract heap domain can be combined with value domains in a straightforward manner, which in particular allows us to reason about shapes and contents of heap structures at the same time. The information obtained from the analysis can be used to prove reachability and memory safety properties of programs manipulating dynamic data structures, mainly linked lists. The solution has been implemented in 2LS and compared against state-of-the-art tools that perform best in the heap-related categories of the well-known Software Verification Competition (SV-COMP). Results show that 2LS outperforms these tools on benchmarks requiring combined reasoning about unbounded data structures and their numerical contents.
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers (Technical Report)
We consider the problem of verifying liveness for systems with a finite, but unbounded, number of processes, commonly known as parameterised systems. Typical examples of such systems include distributed protocols (e.g. for the dining philosopher problem). Unlike the case of verifying safety, proving liveness is still considered extremely challenging, especially in the presence of randomness in the system. In this paper we consider liveness under arbitrary (including unfair) schedulers, which is often considered a desirable property in the literature of self-stabilising systems. We introduce an automatic method of proving liveness for randomised parameterised systems under arbitrary schedulers. Viewing liveness as a two-player reachability game (between Scheduler and Process), our method is a CEGAR approach that synthesises a progress relation for Process that can be symbolically represented as a finite-state automaton. The method is incremental and exploits both Angluin-style L*-learning and SAT-solvers. Our experiments show that our algorithm is able to prove liveness automatically for well-known randomised distributed protocols, including the Lehmann-Rabin Randomised Dining Philosopher Protocol and randomised self-stabilising protocols (such as the Israeli-Jalfon Protocol). To the best of our knowledge, this is the first fully-automatic method that can prove liveness for randomised protocols.
Comment: Full version of CAV'16 pape
Foundations for decision problems in separation logic with general inductive predicates
We establish foundational results on the computational complexity of deciding entailment in Separation Logic with general inductive predicates whose underlying base language allows for pure formulas, pointers and existentially quantified variables. We show that entailment is in general undecidable, and ExpTime-hard in a fragment recently shown to be decidable by Iosif et al. Moreover, entailment in the base language is Π^P_2-complete; the upper bound even holds in the presence of list predicates. We additionally show that entailment in essentially any fragment of Separation Logic allowing for general inductive predicates is intractable even when strong syntactic restrictions are imposed.